CVE-2025-71323

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score

9.8 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code execution by invoking direct syscalls and accessing raw memory. Attackers can craft malicious pickle files using ctypes.WinDLL to load kernel32.dll and execute arbitrary commands, bypassing sandbox protections and gadget chain detection.

Vulnerability Details

Published Date

June 17, 2026

Last Modified

June 17, 2026

CWE ID

CWE-184

Source

NVD

Vendor

picklescan

Product

picklescan

External References

https://github.com/mmaitre314/picklescan/security/advisories/GHSA-4675-36f9-wf6r
https://www.vulncheck.com/advisories/picklescan-remote-code-execution-via-unblocked-ctypes-module
https://github.com/mmaitre314/picklescan/security/advisories/GHSA-4675-36f9-wf6r

CVE-2025-71323

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment